IBM Computer Hardware 2 User Manual Page 45
- Page / 508
- Table of contents
- BOOKMARKS
Rated. / 5. Based on customer reviews
CCA Release 2.54
Notes:
1. During the portions of the year when Daylight Savings Time is not in effect, the
time difference between Eastern Standard Time and GMT is 5 hours.
2. In the OS/400 environment, no translation is provided for Role and Profile
names. The Coprocessor will initialize the default role name to DEFAULT
encoded in ASCII. OS/400 CCA users will need to consider the encoding of
Role and Profile names.
Logging On and Logging Off
A user must log on to the Coprocessor in order to activate a user profile and the
associated role. This is the only way to use a role other than the default role. You
log on and log off using the Logon_Control verb, which is described on page 2-52.
When you successfully log on, the CCA implementation establishes a session
between your application program and the Coprocessor's access-control system.
The Security Application Program Interface (SAPI) code stores the logon context
information, which contains the session information needed by the host computer to
protect and validate transactions sent to the Coprocessor. As part of that session,
a randomly derived session key, generated in the Coprocessor, is subsequently
used to protect information you interchange with the Coprocessor. This protection
is described in “Protecting Your Transaction Information” on page 2-9. The logon
process and its algorithms are described in “Passphrase Verification Protocol” on
page D-16.
On OS/2, AIX, and NT, the logon context information resides in memory associated
with the process thread which performed the Logon_Control verb. On OS/400, the
logon context information resides in memory owned by the process in which the
application runs. Host-side logon context information can be saved and shared
with other threads, processes, or programs; see “Use of Logon Context Information”
on page 2-8.
Thus, on OS/2, AIX, and NT, each thread in any process can log on to the CCA
access control system within a specific CCA Coprocessor. Because the
Coprocessor code creates the session key, and the session key is stored in the
active context information, a thread cannot concurrently be logged on to more that
one Coprocessor.
In order to log on, you must prove the user's identity to the Coprocessor. This is
accomplished using a passphrase, a string of up to 64 characters which are known
only to you and the Coprocessor. A good passphrase should not be too short, and
it should contain a mixture of alphabetic characters, numeric characters, and
special symbols such as “*,” “+,” “!,” and others. It should not be comprised of
familiar words or other information which someone might be able to guess.
When you log on, no part of the passphrase ever travels over any interface to the
Coprocessor. The passphrase is hashed and processed into a key that encrypts
information passed to the Coprocessor. The Coprocessor has a copy of the hash
and can construct the same key to recover and validate the log-on information.
CCA does not communicate your passphrase outside of the memory owned by the
calling process.
When you have finished your work with the Coprocessor, you must log off in order
to end your session. This invalidates the session key you established when you
Chapter 2. CCA Node-Management and Access-Control 2-7
- Release 2.54 1
- IBM iSeries PCICC Feature 1
- Contents 3
- CCA Release 2.54 10
- Trademarks 13
- About This Publication 15
- Release 2.52 16
- Release 2.51 16
- Release 2.41 17
- About This Publication xix 19
- Organization 22
- Related Publications 23
- Cryptography Publications 23
- Overlapped Processing 31
- CCA Access-Control 40
- Understanding Access Control 40
- Role-Based Access Control 40
- Understanding Roles 41
- Understanding Profiles 42
- Logging On and Logging Off 45
- Multi-Coprocessor Capability 48
- Establishing Master Keys 51
- Logon_Control (CSUALCT) 90
- Master_Key_Process (CSNBMKP) 97
- Related Information 100
- Random_Number_Tests (CSUARNT) 102
- Restrictions 102
- Parameters 102
- Required Commands 103
- Chapter 3. RSA Key-Management 105
- Key Generation 106
- Key Import 108
- Using the PKA Keys 109
- Extracting a Public Key 110
- PKA_Key_Generate (CSNDPKG) 111
- PKA_Key_Import (CSNDPKI) 115
- PKA_Key_Token_Build (CSNDPKB) 118
- CCA Release 2.54 122
- Digital Signatures 136
- MDC_Generate (CSNBMDG) 144
- One_Way_Hash (CSNBOWH) 147
- Chapter 5. DES Key-Management 151
- Control Vectors 154
- Key Types 155
- Key-Usage Restrictions 156
- Key Tokens 162
- Key Labels 164
- Key Identifiers 164
- Installing and Verifying Keys 165
- Generating Keys 166
- Diversifying Keys 169
- Storing Keys in Key Storage 170
- Security Precautions 171
- Clear_Key_Import (CSNBCKI) 172
- Data_Key_Export (CSNBDKX) 181
- Data_Key_Import (CSNBDKM) 183
- Key_Export (CSNBKEX) 192
- Key_Generate (CSNBKGN) 194
- Key-Length Specification 199
- Key_Import (CSNBKIM) 201
- CCA Release 2.54 Key_Import 203
- Key_Part_Import (CSNBKPI) 204
- Key_Test (CSNBKYT) 208
- Key_Token_Build (CSNBKTB) 211
- Key_Token_Change (CSNBKTC) 214
- Key_Token_Parse (CSNBKTP) 216
- Key_Translate (CSNBKTR) 219
- PKA_Decrypt (CSNDPKD) 223
- PKA_Encrypt (CSNDPKE) 225
- PKA_Encrypt CCA Release 2.54 226
- Ensuring Data Confidentiality 243
- Ensuring Data Integrity 245
- Decipher (CSNBDEC) 247
- Decipher CCA Release 2.54 248
- Encipher (CSNBENC) 250
- CCA Release 2.54 Encipher 251
- MAC_Generate (CSNBMGN) 253
- MAC_Verify (CSNBMVR) 256
- Chapter 7. Key-Storage Verbs 259
- Key-Label Content 260
- DES_Key_Record_List (CSNBKRL) 265
- PKA_Key_Record_List (CSNDKRL) 273
- PKA_Key_Record_Read (CSNDKRR) 275
- Retained_Key_List (CSNDRKL) 280
- Processing Financial PINs 284
- PIN-Verb Summary 287
- Providing Security for PINs 288
- PIN Security 289
- PIN-Calculation Methods 290
- Data_Array 290
- PIN Profile 292
- PIN-Extraction Methods 294
- Working With EMV Smart Cards 295
- Clear_PIN_Encrypt (CSNBCPE) 297
- Clear_PIN_Generate (CSNBPGN) 300
- CVV_Generate (CSNBCSG) 309
- CVV_Verify (CSNBCSV) 312
- PIN_Change/Unblock (CSNBPCU) 334
- SET_Block_Compose (CSNDSBC) 348
- SET_Block_Decompose (CSNDSBD) 352
- Return Codes 361
- Reason Codes 361
- Return Code 0 362
- Return Code 4 363
- Return Code 8 364
- Return Code 12 370
- Return Code 16 371
- Appendix B. Data Structures 373
- Null Key-Token 374
- DES Key-Tokens 375
- External DES Key-Token 377
- RSA PKA Key-Tokens 378
- RSA Key-Token Sections 379
- PKA Key-Token Integrity 380
- Chaining-Vector Records 392
- Key-Storage Records 393
- Key_Record_List Data Set 397
- Role Structure 401
- Aggregate Role Structure 402
- Access-Control-Point List 402
- Default Role Contents 403
- Profile Structure 404
- Aggregate Profile Structure 405
- Authentication Data Structure 405
- User Profile 408
- Role Data Structure 411
- Aggregate Role Data Structure 412
- Function Control Vector 414
- Encryption 417
- Changing Control Vectors 432
- Mask Array Preparation 436
- Notation Used in Calculations 444
- MDC-1 Calculation 444
- MDC-2 Calculation 445
- MDC-4 Calculation 445
- Ciphering Methods 445
- ANSI X9.23 447
- MAC Calculation Methods 453
- RSA Key-Pair Generation 455
- Access-Control Algorithms 456
- ANSI X9.31 Hash Format 459
- PKCS #1 Formats 459
- PIN-Calculation Methods 462
- PIN-Block Formats 469
- 3624 PIN-Block Format 469
- ISO-0 PIN-Block Format 470
- ISO-1 PIN-Block Format 471
- ISO-2 PIN-Block Format 472
- UKPT Calculation Methods 473
- CVV and CVC Method 476
- PIN-Block Self-encryption 479
- Appendix F. Verb List 481
- List of Abbreviations 491
- Glossary 493
- Numerics 499
- PDF File 508
Related products and manuals for Software IBM Computer Hardware 2
Software IBM SG24-5131-00 User Manual
(240 pages)
(240 pages)
Software IBM AS/400 User Manual
(489 pages)
(489 pages)
Software IBM CISCO R2E2 User Manual
(110 pages)
(110 pages)
Software IBM NETCOOL 4.3-W User Manual
(516 pages)
(516 pages)
Software IBM Server OS/390 User Manual
(76 pages)
(76 pages)
Software IBM Switch 15 User Manual
(270 pages)
(270 pages)
Software IBM SC34-7012-01 User Manual
(268 pages)
(268 pages)
Software IBM SC41-5420-04 User Manual
(116 pages)
(116 pages)
Software IBM Transaction Server OS User Manual
(103 pages)
(103 pages)
Software IBM SC34-5764-01 User Manual
(481 pages)
(481 pages)
Software IBM TIVOLI SC32-0129-00 User Manual
(82 pages)
(82 pages)
Software IBM G325-2585-02 User Manual
(90 pages)
(90 pages)
Software IBM SG24-6526-00 User Manual
(184 pages)
(184 pages)
Software IBM SC33-1686-02 User Manual
(317 pages)
(317 pages)
Software IBM 5697-VM3 User Manual
(6 pages)
(6 pages)
Software IBM DS6000 User Manual
(406 pages)
(406 pages)
Software IBM CDI5UG1107 User Manual
(178 pages)
(178 pages)
Software IBM GC28-1982-02 User Manual
(216 pages)
(216 pages)
Software IBM 12.1(22)EA6 User Manual
(550 pages)
(550 pages)
© 2020, manymanuals.com. All rights reserved. | 1.734 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comments to this Manuals